<HTML>
<HEAD>
<TITLE>File upload</TITLE>
</HEAD>
<BODY>
<?
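/*
 * Vehicle listing page: greets the posted user, then either lists that user's
 * postings (act_view) or stores an uploaded photo plus listing data (act_upload).
 *
 * NOTE(review): the login name is read from the POST body and nothing in this
 * script ties it to an authenticated session, so a client can submit any name.
 * Confirm that the surrounding pages or dbconnect.php enforce authentication;
 * otherwise take the name from server-side session state instead.
 *
 * NOTE(review): the script is opened with the short tag, which only executes
 * when short_open_tag is enabled; with it disabled the source (queries
 * included) is sent to the browser as text. Prefer the full "<?php" tag.
 */

// Returns a POST field as a string, or '' when it is missing or not a scalar string.
$postString = function ($key) {
	return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

// Escapes a value for HTML element/attribute context so request data cannot inject markup.
$html = function ($text) {
	return htmlspecialchars((string)$text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$user_name = $postString('user_name');
// Not used below; kept in case dbconnect.php reads it from the shared scope - TODO confirm.
$isDealer = isset($_POST['dealer']) ? $_POST['dealer'] : null;
echo "<H3>Welcome ".$html($user_name)."!</H3><br>";

include 'dbconnect.php';

if (isset($_POST['act_view'])) {
	// Bound parameter: the login name never becomes part of the SQL text.
	$stmt = mysqli_prepare($mysql, "select VehicleForSaleID, ImgName from VehicleForSale where NonAdmins_AllUsers_LoginID = ?");
	if (!$stmt) {
		die("Error: query failed\n");
	}
	mysqli_stmt_bind_param($stmt, 's', $user_name);
	if (!mysqli_stmt_execute($stmt)) {
		die("Error: query failed\n");
	}
	mysqli_stmt_store_result($stmt);	// buffer the rows so the row count is available
	$row_cnt = mysqli_stmt_num_rows($stmt);
	printf("You have %d listing(s) in the database.<BR>", $row_cnt);

	mysqli_stmt_bind_result($stmt, $id, $imgName);
	while (mysqli_stmt_fetch($stmt)) {
		// URL-encode the query-string value, HTML-escape the visible link text.
		printf("<a href=\"download.php?id=%d&amp;name=%s\">%s</a><br>", $id, urlencode($user_name), $html($imgName));
	}
	mysqli_stmt_close($stmt);

	// The "view all" link is shown only when the user has no row in Dealer.
	$stmt = mysqli_prepare($mysql, "select count(*) from Dealer where NonAdmins_AllUsers_LoginID = ?");
	if ($stmt) {
		mysqli_stmt_bind_param($stmt, 's', $user_name);
		if (mysqli_stmt_execute($stmt)) {
			mysqli_stmt_bind_result($stmt, $dealerCount);
			// A failed lookup no longer falls through to fetching from a false result.
			if (mysqli_stmt_fetch($stmt) && $dealerCount == 0) {
				printf("<a href=\"viewall.php?name=%s\">View All Announcements</a><br>", urlencode($user_name));
			}
		}
		mysqli_stmt_close($stmt);
	}
}
elseif (isset($_POST['act_upload'])
	&& isset($_FILES['uploaded'])
	&& is_string($_FILES['uploaded']['name'])
	&& $_FILES['uploaded']['error'] === UPLOAD_ERR_OK
	&& $_FILES['uploaded']['size'] > 0) {

	$tmpName = $_FILES['uploaded']['tmp_name'];

	// The client chooses the file name, so keep only its last path component;
	// this stops the destination from leaving the images/ directory.
	$fileName = basename(str_replace('\\', '/', $_FILES['uploaded']['name']));
	$imgName = "images/" . $fileName;

	$make = $postString('make');
	$model = $postString('model');
	$year = (int)$postString('year');
	$price = (float)$postString('price');
	$mileage = (int)$postString('mileage');
	$color = $postString('color');
	$engine = $postString('engine');
	$drivetrain = $postString('drivetrain');
	$doors = (int)$postString('doors');
	// NOTE(review): the integer cast drops any letters in the VIN - confirm the column type.
	$vin = (int)$postString('vin');
	$desc = $postString('desc');

	// getimagesize() returns false for content it cannot parse as an image;
	// index 2 of its result is the detected IMAGETYPE_* constant.
	$imgSize = getimagesize($tmpName);
	$extension = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
	$allowedTypes = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
	$allowedExtensions = array('gif', 'jpg', 'jpeg', 'png');

	// Require both image content and an image extension, so a script file cannot
	// be written under the web root. The images/ directory should additionally be
	// configured so the web server never executes files stored in it.
	$isImage = $imgSize !== false
		&& in_array($imgSize[2], $allowedTypes, true)
		&& in_array($extension, $allowedExtensions, true);

	$imgData = $isImage ? file_get_contents($tmpName) : false;

	if (!$isImage) {
		echo "Only GIF, JPEG or PNG images can be uploaded.<br>";
	}
	elseif ($imgData === false) {
		echo "Upload failed.<br>";
	}
	else {
		// Duplicate check against the stored value, which carries the "images/"
		// prefix; comparing the bare file name could never match a stored row.
		$stmt = mysqli_prepare($mysql, "select count(*) from VehicleForSale where NonAdmins_AllUsers_LoginID = ? and ImgName = ?");
		if (!$stmt) {
			echo "Cannot execute query<br>";
			exit;
		}
		mysqli_stmt_bind_param($stmt, 'ss', $user_name, $imgName);
		if (!mysqli_stmt_execute($stmt)) {
			echo "Cannot execute query<br>";
			exit;
		}
		mysqli_stmt_bind_result($stmt, $count);
		mysqli_stmt_fetch($stmt);
		mysqli_stmt_close($stmt);

		if ($count > 0) {
			printf("You have already uploaded an image with the same filename.<br>");
		}
		// NOTE(review): images/ is shared by all users while the duplicate check is
		// per user, so a same-named upload from another account replaces the file
		// on disk. Consider server-generated file names.
		elseif (!move_uploaded_file($tmpName, $imgName)) {
			echo "Upload failed.<br>";
		}
		else {
			// All values are bound, so neither the form fields nor the raw image bytes
			// need addslashes(); get_magic_quotes_gpc() no longer exists in PHP 8.
			$stmt = mysqli_prepare($mysql, "INSERT INTO VehicleForSale (VehicleForSaleID, NonAdmins_AllUsers_LoginID, Make, Model, VehicleYear, Price,
				Mileage, ExteriorColor, Engine, DriverType, NoDoors, VIN, Photo, Description, ImgName)".
				" VALUES ('', ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
			$inserted = false;
			if ($stmt) {
				mysqli_stmt_bind_param($stmt, 'sssidisssiisss',
					$user_name, $make, $model, $year, $price, $mileage, $color,
					$engine, $drivetrain, $doors, $vin, $imgData, $desc, $imgName);
				$inserted = mysqli_stmt_execute($stmt);
				mysqli_stmt_close($stmt);
			}

			if (!$inserted) {
				// Driver error text can reveal schema details: log it, show a generic message.
				error_log("VehicleForSale insert failed: " . mysqli_error($mysql));
				echo "Upload failed.<br>";
				exit;
			}
			else {
				echo "Your file ". $html($fileName) . " has been successfully uploaded.<br>";
			}
		}
	}

	// Only the count is shown here; the per-listing links are rendered by the act_view branch.
	$stmt = mysqli_prepare($mysql, "select VehicleForSaleID from VehicleForSale where NonAdmins_AllUsers_LoginID = ?");
	$counted = false;
	if ($stmt) {
		mysqli_stmt_bind_param($stmt, 's', $user_name);
		if (mysqli_stmt_execute($stmt)) {
			mysqli_stmt_store_result($stmt);
			$row_cnt = mysqli_stmt_num_rows($stmt);
			printf("You have %d posting(s) in database.<BR>", $row_cnt);
			$counted = true;
		}
		mysqli_stmt_close($stmt);
	}
	if (!$counted) {
		error_log("VehicleForSale count failed: " . mysqli_error($mysql));
		echo "Error encountered.<br>";
		exit;
	}
}

/* close connection */
mysqli_close($mysql);

echo '</form>';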
?> 

<p><a href=login.php>Log out</a> 
</BODY> 
</HTML>
